Tagged Questions

A hash algorithm is a function which takes a variable size input and produces a fixed size output. The algorithm tries to make it difficult to predict the output for a given input, find two inputs with the same output, or reconstruct the input from the output.

I have recently setup "2-step verification" for my Google account.
One of the features is the ability to create "Application-specific passwords
" for devices that do not support the 2 step process. ...

When using OpenSSH server (sshd) and client (ssh), what are all of the default / program preferred ciphers, hash, etc. (security related) and their default options (such as key length)?
So, what are ...

I started reading about password hashing recently on multiple sites like this page on crackstation and others, and for what I have understood, I should avoid using hashing algorithms like md5 and sha1 ...

At work the hashing algorithm we use for passwords appears to be bespoke. Obviously that's a pretty bad idea, but the management don't seem bothered.
The algorithm always produces 20 character long ...

When users register on my site, I want to store their username and hashed password in my database. When I hash that password, I'm going to salt it using PHP.
The issue is, I don't want to store the ...

Most of discussions involving access credentials include references to "hashing salted passwords". Is this another way to referring to the HMAC algorithm or a totally different operation? Different or ...

I'm writing a small webapp and I don't want to transmit login passwords as cleartext. As I don't have SSL available I've written a one-time challenge system which sends a random string with the login ...

We are currently using HMACSHA512 in .net, with a 128Char (64byte) validation key
The salt is 64 char randomly generated string.
We allocated 2048 length on the database for the hashed base64 string ...

It has been known since 2004 that the MD5 hash is vulnerable to collision attacks (update - not "preimage" attacks - my mistake....). Yet it still seems that people are using it to identify malware. ...

You have a plain text password and salt. The plain text password is assumed to be securely random and only known by the user and the salt is no secret and not necessarily unique but stored alongside ...

I came across this very alarming sounding thread which indicates a GPU with about half the compute capacity of the GPU currently powering the monitor I type this on is capable of 11.5k c/s.
I'm not ...

Let's take a chat system, where any user can create a channel with a password protection. Thus, other users may only join using the channel password.
This password is therefore known to every person ...

I was trying to design an authentication system that would make it much harder to guess a password via brute force, and reduce the risk to a user if the hashed password was stolen through a snooping ...

In the wake of all these leaked/stolen/hacked government login/passwords being stolen it got me thinking.
How is the leaking of these passwords even possible? Or are they of any real use?
Aren't all ...

Some financial websites that I use use passwords in a peculiar way. Instead of asking me the whole password string, they only ask me to enter e.g. "3rd, 5th and 8th character of your password", i.e. a ...